Lumension® Endpoint Intelligence Center



Vulnerability Score: 7.5
CVE Id: CVE-2009-1742
Last Modified: 21 May 2009 12:00:00
Published: 20 May 2009 03:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.

Vulnerable Systems


  • Pc4arb Pc4 Uploader 9.0


XF - pc4uploader-code-sql-injection(50586)

VUPEN - ADV-2009-1364

BID - 35004

MILW0RM - 8709

SECUNIA - 35122

OSVDB - 54572

Last Updated: 27 May 2016 10:50:39